Prevent passing in of monitor type that could contain invalid charact…
1 parent 5295b8a commit ed7365064c189b8f136a9f952062249167d1bd9e @jcameron jcameron committed Jul 10, 2012
Showing with 3 additions and 0 deletions.
  1. +1 −0 status/edit_mon.cgi
  2. +1 −0 status/lang/en
  3. +1 −0 status/save_mon.cgi
1 status/edit_mon.cgi
@@ -9,6 +9,7 @@ $access{'edit'} || &error($text{'mon_ecannot'});
@handlers = &list_handlers();
if ($in{'type'}) {
# Create a new monitor
+ $in{'type'} =~ /^[a-zA-Z0-9\_\-\.]+$/ || &error($text{'mon_etype'});
$type = $in{'type'};
$title = $text{'mon_create'};
if ($in{'clone'}) {
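Review bot: The pattern on the added line in edit_mon.cgi still accepts `.`, `..` and any name starting with a dot, because `\.` is in the character class and nothing constrains the first character. In Perl, `$` also matches before a trailing newline, so a value ending in a newline passes the check. If the type is later used to build a file or module name, anchor the end with `\z` and require an alphanumeric first character, for example `/^[a-zA-Z0-9][a-zA-Z0-9_.\-]*\z/`.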
1 status/lang/en
@@ -104,6 +104,7 @@ mon_eremote2=Webmin server $1 could not be contacted : $2
mon_estatus=Webmin server $1 does not have the System and Server Status module
mon_ecannot=You are not allowed to edit monitors
mon_ertype=This monitor type is not available on $1
+mon_etype=Invalid monitor type name
mon_runon=Run commands on
mon_runon0=This server
mon_runon1=The remote host
1 status/save_mon.cgi
@@ -6,6 +6,7 @@ require './status-lib.pl';
$access{'edit'} || &error($text{'mon_ecannot'});
&ReadParse();
if ($in{'type'}) {
+ $in{'type'} =~ /^[a-zA-Z0-9\_\-\.]+$/ || &error($text{'mon_etype'});
$serv->{'type'} = $in{'type'};
$serv->{'id'} = time();
}
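Review bot: The type check added in save_mon.cgi repeats the regex literal from edit_mon.cgi, so a later tightening of one copy can leave the other behind. Both scripts already load `./status-lib.pl` (visible in this hunk's header), so a single validation helper there, called from both places, would keep the rule in one spot. The same `$` versus `\z` and leading-dot concerns apply to this copy of the pattern.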
